hc-httpclient-users mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject Re: HTTP async client and accessing server certificate (SSL)
Date Fri, 31 May 2013 08:59:49 GMT
On Thu, 2013-05-30 at 15:07 -0400, Sachin Nikumbh wrote:
> Hi Oleg,
> 
> Thanks for your reply. I started digging through the Apache async client
> code and have come up with a way to access the server certificate immediately
> after the SSL handshake in the verify method of SSLSetupHandler. To achieve
> this, I created my own MySSLLayeringStrategy class that
> extends SSLLayeringStrategy as shown below:
> 
> ********************************************************
> class MySSLLayeringStrategy extends SSLLayeringStrategy{
> 
>         private SSLContext sslContext;
> 
>         public MySSLLayeringStrategy(SSLContext context){
>             super(context);
>             this.sslContext = context;
>         }
> 
>         protected void initializeEngine(final SSLEngine engine) {
>             super.initializeEngine(engine);
>         }
> 
>         protected void verifySession(final IOSession iosession,
>                           final SSLSession sslsession) throws SSLException {
>             super.verifySession(iosession, sslsession);
>         }
> 
>         public SSLIOSession layer(final IOSession iosession) {
>             SSLIOSession ssliosession = new SSLIOSession(iosession,
> SSLMode.CLIENT, this.sslContext,
>                     new MySSLSetupHandler());
>             iosession.setAttribute(SSLIOSession.SESSION_KEY, ssliosession);
>             return ssliosession;
>         }
> 
>         class MySSLSetupHandler implements SSLSetupHandler {
> 
>             public void initalize(
>                     final SSLEngine sslengine) throws SSLException {
>                 initializeEngine(sslengine);
>             }
> 
>             public void verify(
>                     final IOSession iosession,
>                     final SSLSession sslsession) throws SSLException {
> 
>                 verifySession(iosession, sslsession);
> 
>                 // Now that basic hostname verification is done, perform
>                 // extra authorization based on peer DN
>                 String peerDN = sslsession.getPeerPrincipal().getName();
>                 if ( !authorizedPeer(peerDN) ){
>                     throw new RuntimeException("Authorization failed");
>                 }
>             }
>         }
>     }
> ********************************************************
> 
> Now, I am using MySSLLayeringStrategy to create AsyncScheme
> 
> ********************************************************
> AsyncScheme scheme = new AsyncScheme( "https", 443, new
> MySSLLayeringStrategy(sslContext) );
> ********************************************************
> 
> This seems to be doing the job but the exception thrown in the verify
> method causes the DefaultHttpAsyncClient instance to close abnormally as I
> can see from the exception thrown:
> 

Why are you throwing a RuntimeException exception for what is clearly an SSL
issue?

Oleg
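
Added example, not code from this thread or from HttpAsyncClient: a peer-DN check that reports failure with a checked SSLException subclass, which the `verify(...)` signature quoted above already declares, instead of a RuntimeException. The class name `PeerDnAuthorizer` and the sample DNs are assumptions standing in for the undefined `authorizedPeer(peerDN)`; only JDK classes are used.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;

// Hypothetical helper standing in for the undefined authorizedPeer(peerDN) check.
public class PeerDnAuthorizer {
    private final Set<String> allowed = new HashSet<String>();

    public PeerDnAuthorizer(String... allowedDns) {
        for (String dn : allowedDns) {
            // Canonical form removes case and spacing differences between equivalent DNs.
            allowed.add(new X500Principal(dn).getName(X500Principal.CANONICAL));
        }
    }

    // Intended to be called from SSLSetupHandler.verify(...) after the hostname check.
    public void check(SSLSession sslsession) throws SSLException {
        check(sslsession.getPeerPrincipal()); // SSLPeerUnverifiedException if no peer identity
    }

    void check(Principal peer) throws SSLException {
        if (!(peer instanceof X500Principal)) {
            throw new SSLPeerUnverifiedException("Peer did not present an X.509 identity");
        }
        String dn = ((X500Principal) peer).getName(X500Principal.CANONICAL);
        if (!allowed.contains(dn)) {
            // A checked SSLException fits the throws clause of verify(...), so callers
            // can handle the rejection as an SSL failure rather than an unchecked exception.
            throw new SSLPeerUnverifiedException("Peer DN not authorized: " + dn);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample DNs, not taken from the thread.
        PeerDnAuthorizer authz = new PeerDnAuthorizer("CN=api.example.org, O=Example, C=US");
        authz.check(new X500Principal("cn=API.example.org,o=example,c=us")); // same DN, accepted
        try {
            authz.check(new X500Principal("CN=other.example.org, O=Example, C=US"));
            throw new AssertionError("expected rejection");
        } catch (SSLPeerUnverifiedException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```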


